vpn server name resolution

By jedimaster ·
Hi there. I've some problem which is pestering me. But I have to explain the whole network first so bear with me.

Server:
FQDN: test.testdom.plyfoam.local
NetBIOS: TEST
Services: DNS
DHCP (192.168.1.10-192.168.1.80)
RRAS: Router (LAN and Demand-dial routing, Remote access server)
Enable IP Routing, Allow IP-based RA and DD routing
Static address pool: 192.168.1.81-192.168.1.100
Enable broadcast name resolution
Use adapter NIC1 for DHCP, DNS etc?
IGMP: NIC1 - Router v3, NIC2 - Proxy

NIC1: 192.168.1.1/255.255.255.0 using DNS 192.168.1.1 connected to switch to which all LAN PCs are connected.

NIC2: 192.168.10.2/255.255.255.0, Gateway 192.168.10.1, DNS 192.168.1.1 connected to netgear ADSL Router.

ADSL Router: 192.168.10.1/255.255.255.0
DHCP Server: 192.168.10.2 - 192.168.10.254
WAN: Dynamic address from ISP
Firewall rules: Allow TCP 1373, UDP 1434, VPN: TCP 1723

I have registered the server on the web using dyndns.org

If I connect to the server through VPN, all goes well. However, if I ping 192.168.1.1, I get replies but if I ping test.testdom.plyfoam.local, I get replies from IP 192.168.10.2. Why is that? And is there any way for me to get replies for the name test.testdom.plyfoam.local at IP 192.168.1.1?

My thing is that I also have SQL server running on the server and when I log on through VPN, there are some default settings used in replication where they use the settings from the server which contains the names instead of IP. e.g. Distributor [TEST\TEST] and when the client tries to access the distributor, it addresses the wrong IP. For the client connecting through VPN, the correct IP for "test" and "test.testdom.plyfoam.local" is 192.168.10.2. Which is wrong...

Thanks for helping me out.

All Answers

I can't specifically help you with this...

by boxfiddler Moderator In reply to vpn server name resolutio ...

but as I smarted off at you in the Discussions forum, here is a tidbit or two.

Be patient.
Use your profile and 'My Forum Posts' to keep an eye on this question. If it disappears off the board quickly - and it might as it is now late night in a significant portion of the world - return to this post via 'My Forum Posts' and 'bump' it back onto the front page of the boards by posting a reply. Keep this up until you see it come back onto the front page, and until you get an answer if need be.
Good Luck!

thanks

by jedimaster In reply to I can't specifically help ...

thanks for the tip

It's working as it should.

by bart777 In reply to vpn server name resolutio ...

The problem is that when you are attached via VPN you are attached to the 192.168.10.2 interface of the server. So if you ping that server by name it will respond from that interface.

The only way I can see to fix this issue is to flatten out your network. Go to a single NIC on the server.
Reconfigure the Router to the 192.168.1.x network.
Change the internal network to use the router as the gateway.
Make sure that DHCP has this gateway info set up correctly as well.
Reconfigure your port forwarding to point to 1.1 NIC on the server.

I'm sure I've forgotten a step or 2 here but I hope you see where I'm going. The current config that you are using is doing just what you told it to. The only way your VPN users will be able to address that 1.1 address is if they actually go thru that interface.

The only other way to do this is to change your application to respond to both NICs.

Best of luck.

ok but security wise?

by jedimaster In reply to It's working as it should ...

Ok thanks. But security wise? I always thought it's better to have two separate networks for internet connection.

You are correct.

by bart777 In reply to ok but security wise?

In a perfect world you would want to have that separate network.

However some applications were just never written for that perfect world. All you can do in this case is to make sure that the firewall is properly configured to protect your network. Close off everything that isn't needed. Lock the network up so tight that it hurts. It's better to over secure things and then poke holes as needed than to leave things too loose.
Even with a separate network you would want to do it this way, but with a flat topology you just need to be extra vigilant.

changes made but some trouble crop up

by jedimaster In reply to You are correct.

Ok. Here's how I changed things. Router is now configured as 192.168.1.2/255.255.255.0 and disabled DHCP service.

NIC1 remains the same. NIC2 now becomes 192.168.1.3/255.255.255.0/Gateway 192.168.1.2/DNS 192.168.1.1.

Ok, something weird with the above config. Ping www.google.com gives replies but ping 192.168.1.2 says "Request timed out".

I haven't tried to access the VPN over the internet yet but I'm sure it should be working ok. But is the above normal?

corrected!

by jedimaster In reply to changes made but some tro ...

All's ok now. Added a static route in RRAS: Interface NIC2, Dest. 192.168.1.2/255.255.255.255, Gateway 192.168.1.3, Metric 1
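
An added example, not part of the thread: a small model of longest-prefix route selection, showing how the /32 host route for the router takes precedence over the two overlapping /24 connected routes that result from putting both NICs on 192.168.1.x. The connected-route metrics, and the assumption that NIC1 was the preferred interface before the static route was added, are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: str
    interface: str
    metric: int


def select_route(table, target: str) -> Optional[Route]:
    """Pick the route by longest prefix match; ties go to the lowest metric."""
    addr = ipaddress.ip_address(target)
    candidates = [r for r in table if addr in r.dest]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.dest.prefixlen, r.metric))


def ambiguous_subnets(table):
    """Return subnets that are directly connected on more than one interface."""
    seen = {}
    for r in table:
        if r.gateway == "on-link":
            seen.setdefault(r.dest, set()).add(r.interface)
    return {net: sorted(ifs) for net, ifs in seen.items() if len(ifs) > 1}


# Constructed table modelling the flattened layout from the post.
# Metrics for the connected routes are assumed (NIC1 preferred).
LAN = ipaddress.ip_network("192.168.1.0/24")
BEFORE = [
    Route(LAN, "on-link", "NIC1", 10),   # 192.168.1.1
    Route(LAN, "on-link", "NIC2", 20),   # 192.168.1.3
    Route(ipaddress.ip_network("0.0.0.0/0"), "192.168.1.2", "NIC2", 20),
]
# Static host route with the values entered in RRAS in the post.
HOST_ROUTE = Route(ipaddress.ip_network("192.168.1.2/32"),
                   "192.168.1.3", "NIC2", 1)
AFTER = BEFORE + [HOST_ROUTE]

if __name__ == "__main__":
    print("same subnet on several NICs:", ambiguous_subnets(BEFORE))
    for name, table in (("before", BEFORE), ("after", AFTER)):
        r = select_route(table, "192.168.1.2")
        print(f"{name}: 192.168.1.2 via {r.interface} (/{r.dest.prefixlen})")
```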
